Cyber-attacks on the energy industry could cause physical damage

The energy industry is mostly unprepared for cyber-threats, a new study by Tripwire suggests.

The global provider of advanced threat, security and compliance solutions announced these results in a study conducted for it by Dimensional Research. The study looked at cyber-security challenges faced by organisations in the energy sectors, and includes answers from more than 150 IT professionals.

The results say 82 per cent of the respondents said a cyber-attack on their operational technology (OT) could mean physical damage. On the other hand, the answer to the question could their organisations accurately track all the threats targeting their OT networks, 65 per cent said ‘no’.

“The incredibly high percentages of these responses underscores the need for these industries to take material steps to improve cyber security,” said Tim Erlin, director of IT security and risk strategy for Tripwire. “These threats are not going away. They are getting worse.”

Moreover, 76 per cent of IT professionals questioned said they believe their organisation is a target for cyber-attacks, which could cause physical damage, and 78 per cent said they could be targeted by a state-sponsored attack.

Everyone surveyed said they believe a kinetic cyber-attack on their OT could cause physical damage.

“We’ve already seen the reality of these responses in the Ukraine mere months after this survey was completed,” Erin continued. There can be no doubt that there is a physical safety risk from cyber-attacks targeting the energy industry today. While the situation may seem dire, in many cases there are well understood best practices that can be deployed to materially reduce the risk of successful cyber-attacks.”